6 matches found
GO-2026-4386 SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal in github.com/siyuan-note/siyuan/kernel
SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal in github.com/siyuan-note/siyuan/kernel...
SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal
File Read Interface Case Bypass Vulnerability. Vulnerability Name: File Read Interface Case Bypass Vulnerability. Overview: The /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can...
PT-2026-3146
Name of the Vulnerable Software and Affected Versions: Deno versions prior to 2.5.6. Description: Deno is a JavaScript, TypeScript, and WebAssembly runtime. A previous attempt to prevent the execution of Windows batch and shell files by checking file extensions .bat or .cmd was ineffective due to a...
TencentOS Server 4: tomcat (TSSA-2025:0440)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0440 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Apache Tomcat 10.1.0.M1 < 10.1.41
The version of Tomcat installed on the remote host is prior to 10.1.41. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat10.1.41security-10 advisory. - Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's CGI servlet allows security constrain...
CVE-2004-2154
CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive...